Snyk has created this PR to upgrade auth0-js from 9.19.0 to 9.19.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 21 days ago, on 2022-09-09.
This release by default now stores additional cookies for backward compatibility when using the `SameSite` attribute, for those older browsers that do not understand `SameSite=None`. As well as creating the normal transaction cookies with `Secure=true` and `SameSite=none`, it also stores a `_x_compat` cookie (where `x` is the name of the original cookie) which only sets `Secure=true`.
If the generation of these extra cookies is undesirable or unnecessary for your use case, you can turn them back off by setting `legacySameSiteCookie: false` in the SDK configuration.
Added
Add compatibility cookie for SameSite, with option to turn it off #1232 (stevehobbsdev)
Release notes
Package name: auth0-js
This release includes some clarification updates to the readme, as well as a culmination of security patches from dependabot.
Changed
Security
Commit messages
Package name: auth0-js
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
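The cookie pair described in the release notes above, modelled as an added example (not auth0-js source and not part of the original PR). All function names, the `tx_state` cookie name and the sample value are hypothetical, and the "older browser" is simplified to one that discards any cookie carrying `SameSite=None`.

```javascript
// Added illustration of the cookie pair described in the release notes.
// Not auth0-js source; all function names here are hypothetical.
const compatName = (name) => `_${name}_compat`; // "_x_compat" per the notes

// Set-Cookie strings for one transaction value.
function buildTransactionCookies(name, value, { legacySameSiteCookie = true } = {}) {
  const v = encodeURIComponent(value);
  const cookies = [`${name}=${v}; Secure; SameSite=None`];
  if (legacySameSiteCookie) cookies.push(`${compatName(name)}=${v}; Secure`);
  return cookies;
}

// Simplified browser model (assumption): a client that does not understand
// SameSite=None discards any cookie carrying it.
function cookieHeaderSentBack(setCookies, { understandsSameSiteNone }) {
  return setCookies
    .filter((c) => understandsSameSiteNone || !/;\s*SameSite=None/i.test(c))
    .map((c) => c.split(';')[0])
    .join('; ');
}

// Read the primary cookie, falling back to the compat copy.
function readTransaction(cookieHeader, name) {
  const jar = new Map();
  for (const pair of cookieHeader.split(';')) {
    const i = pair.indexOf('=');
    if (i > 0) jar.set(pair.slice(0, i).trim(), decodeURIComponent(pair.slice(i + 1).trim()));
  }
  for (const [key, source] of [[name, 'primary'], [compatName(name), 'compat']]) {
    if (jar.has(key)) return { value: jar.get(key), source };
  }
  return null;
}

// Constructed sample: cookie name and state value are made up.
function demo(browser, options) {
  const set = buildTransactionCookies('tx_state', 'n0nce/42', options);
  return readTransaction(cookieHeaderSentBack(set, browser), 'tx_state');
}

console.log(demo({ understandsSameSiteNone: true }));
console.log(demo({ understandsSameSiteNone: false }));
console.log(demo({ understandsSameSiteNone: false }, { legacySameSiteCookie: false }));
```

With the option off, the modelled older browser has no transaction cookie left to send back, which is the case the compat cookie exists to cover.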